The 2015 Data Protection Best Practices and Risk Assessment Guides has revealed that in January to June last year, over 30 percent of data breaches involving the loss of personally identifiable information (PII) were caused by internal intrusions, while a further 29 percent were caused either accidentally or maliciously by employees. Richard Pharro, CEO of APM Group, gives his opinions on those findings.
“These results confirm the very real world of cyber and data security,” Pharro said. “All too many businesses imagine threats to their data emanate solely out of the criminal underworld and are therefore beyond their reach or control. The impact of this is a defeatist attitude: ‘If would-be hackers are bent on accessing my company’s data, what can I really do to stop them?’ Those threats do of course exist and indeed are growing, but the most prominent and pertinent threats to businesses’ data relate to human error and data hygiene.”
Free Cyber Security Training! Join the revolution today!
Pharro continued: “CEOs must now become fluent in the language of cyber security and advance the way in which their companies deal with threats. Security officers should be monitoring their internal workings more proactively and reacting to attacks in a much more dynamic manner. It must be remembered by all that a successful security framework will protect from the inside out, outside in, and along the lines of the perimeter, all the while collecting information and contextualising it to provide actionable intelligence.
“Assessing internal capabilities and competencies in all respects is a much more effective way of dealing with the new style of threat, and this can be done on an almost routine basis using capability assessment tools. Organisations have at their disposal dynamic tools that can empower companies with a tailored, on-going assessment of their current cyber security ability to highlight ‘at risk’ areas. This then provides a detailed roadmap on how best to mitigate these factors,” he explained.
“The culture of social media and the lax attitude to privacy that goes with it is a trait that is contrary to business protocol regarding the disclosure of commercially sensitive information. Employees now have the platform to disclose this to potentially large amounts of Twitter and Facebook users, but these sites are also significant targets for cyber criminals.
“A rigorous policy backed up with regular training must be the solution. Companies should also be mindful that analysis of these social conversations can create security intelligence which in the longer term can feed into processes and enhance security levels within the company,” Pharro added.
“Data security is now clearly a board room issue which must be front of mind for those at all levels within the company. As a baseline solution, passwords should be kept updated, and sensitive files should always be encrypted. Regular training on phishing and malware can form an integral part of the preventions process. Clear visibility puts companies in the strongest possible position, so capability and assessment tools can provide much needed direction in this area.”
Pharro concluded, “Cyber security is now an essential part of our interconnected business world and requires the full attention of senior management as pressures increase and mobile integration advances.”
About APM Group
APM Group is a global examination institute specialising in professional certifications. Our portfolio includes the prestigious CESG Certified Professional (CCP) and Certified Training (CCT) schemes, CDCAT® – the unique Cyber Defence Capability Assessment Tool and a host of industry recognised certifications; ISO/IEC 20000, ISO/IEC 27001, COBIT®5, IAITAM®, OBASHI® and many more.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.